The CrowdStrike
Supply Chain Attack from last Friday is still being felt, especially with the ripple
effects being felt by the major airlines.
But, more than that, people are still wondering how could a software
update cause so much turmoil around the world?
Although it
will take some time to unravel all of this, the bottom line is the sheer level
of interconnectivity among devices, both physical and digital, that is happening
today. Just one little flaw or a
vulnerability can exploited very quickly by a Cyberattacker, and cause even
more devastation.
Even though CrowdStrike
claims that this was an error in the actual patch, it was a Cyberattack. But only time will tell. But this attack underscores yet another area in
our American society that still eludes the security pundits today: how to make ou Critical Infrastructure from a
large scale Cyberattack. Unfortunately, the
answer is that there is no clear-cut solution.
The primary
reason for this is that many of the systems that were designed to support our
Critical Infrastructure was designed back in the 1960s and 1970s. Many of the vendors who created them are either
no longer in existence, or have merged with another company.
Therefore, finding
the parts to replace these legacy components is almost close to impossible. If
anything, new ones will have to be created, which could take months or even
years.
The other
issue here is that when these components were built, Cybersecurity was not even
a concept that was thought about. All of
the attention was paid to physical access security. So, even trying to add new software packages to
the ones that are already in place is by no means an easy task either.
For instance,
the main risk is that of interoperability between the two. If they don’t work together, then the chances
are much greater, something even worse could go wrong.
In the last
couple of years, we have seen attacks to our Critical Infrastructure actually
happen. Probably one of the best
examples was the attack on the Colonial Gas Pipeline. Deliveries were delayed for over a week, and the
futures markets that trade in this were also rattled. In the end, the CEO paid a ransom of well
over $4 million.
Now, one of
the greatest fears is that something like this could happen to our precious
water supply. Can you imagine not having
a fresh water supply for over a week? If
this were to happen, we would all perish.
While the fix to this is very difficult to figure out at the moment,
over time, something will evolve.
But it will
most likely take a lot of time. But this
does not mean that you, the CISO, have an excuse for not taking proactive steps
to mitigate this risk happening, if you are tasked with seeing the IT side of a
water supply system.
So, what can you
do, you might be wondering? Here are
some steps that you can take:
1)
Figure
out where all of the data lies:
Yes,
even a company that deals with the water supply has large amounts of data that they
collect and store. But many times, when
a CISO is asked if they know about where their company’s data is stored at,
they very often go “Huh”? There is no excuse
for these, IMHO. Take the time to figure
out where the datasets reside at, and how they are stored. Create data maps so that you will also have a
visual to refer to.
2)
Conduct
Risk Assessments:
When
this term is used, the image of doing this on digital assets often comes to
mind. But, this kind of methodology can
also be used for the Critical Infrastructure as well, even the water supply systems. In this regard, take close stock of what is
protecting your databases. This is one
of the first areas that a Cyberattacker will go after, so you will need to make
sure that you have at least some controls in place. While putting in new ones may not be an
option right now, you could certainly at least explore the possibilities of at
least trying to optimize them more.
3)
Look
at network traffic:
Even
with the legacy technologies that are in place, there is still network traffic
that happens. Take the time to analyze this,
and make sure that all of the traffic that happens within is always encrypted. Perhaps even consider upgrading your firewalls,
routers, hubs, network intrusion devices, etc.
The issue of interoperability with the legacy systems should not be an issue
here, as you are just trying to fortify the lines of defenses for the flows of
network traffic.
4)
Update
the documentation:
More
than likely, the documentation that comes with a piece of Critical
Infrastructure will be outdated. Therefore,
take the time to try to update them.
This will be very crucial if indeed you are impacted by a security
breach. Of course, this also underscores
the importance for Incident Response/Disaster Recovery/Business Continuity planning
as well.
My
Thought On This:
Unfortunately,
we will be seeing many more Supply Chain Attacks just like the CrowdStrike
one. Btu rather than having digital
assets being impacted, it will be our Critical Infrastructure. Remember the days of 9/11?
Well, instead of planes crashing into buildings,
we could very likely see major attacks hitting our Critical Infrastructure at the
large cities here in the United States, but in a simultaneous fashion. This is something I don’t even want to think
about, but the harsh reality is that it could very well happen.
And the worst
part yet is, how long will it take to recover?
Weeks? Months? Something to think
about, especially for you, the CISO.
No comments:
Post a Comment